Trojan and Executable Scanner
The Trojan and Executable Scanner analyzes and determines the function of executable files attached to emails. This scanner can subsequently quarantine any executables that perform suspicious activities (such as Trojans).
How does the Trojan & Executable Scanner work?
GFI MailEssentials rates the risk-level of an executable file by decompiling the executable, and detecting in real-time what the executable might do. Subsequently, it compares capabilities of the executable to a database of malicious actions and rates the risk level of the file. With the Trojan & Executable scanner, you can detect and block potentially dangerous, unknown or one-off Trojans before they compromise your network.
Configuring the Trojan & Executable Scanner
- Go to Email Security > Trojan & Executable Scanner.
- Select Enable Trojan & Executable Scanner to activate this filter.
- In Email checking area, specify the emails to check for Trojans and other malicious executables by selecting:
Option | Description |
---|---|
Scan Inbound SMTP Email | Scan incoming emails for Trojans and malicious executable files. |
Scan Outbound SMTP Email | Scan outgoing emails for Trojans and malicious executable files. |
- From the Security settings area, choose the required level of security:
Security Level | Description |
---|---|
High Security | Blocks all executables that contain any known malicious signatures |
Medium Security | Blocks suspicious executables. Emails are blocked if an executable contains one high-risk signature or a combination of high-risk and low-risk signatures. |
Low Security | Blocks only malicious executables. Emails are blocked if an executable contains at least one high-risk signature. |
- From Actions tab, configure the actions you want GFI MailEssentials to take on emails containing a malicious executable.
NOTE
Emails blocked by the Trojan & Executable Scanner are always quarantined.
- To send email notifications whenever an email gets blocked, check any of the following options:
Option | Description |
---|---|
Notify administrator |
To notify the administrator whenever this engine blocks an email. For more information refer to Administrator email address. For more information refer to Administrator email address. |
Notify local user | To notify the email local recipients about the blocked email. |
- To log the activity of this engine to a log file, check Log rule occurrence to this file and specify the path and file name to a custom location on the disk to store the log file. By default, log files are stored in:
<GFI MailEssentials installation path>\GFI\MailEssentials\EmailSecurity\Logs\<EngineName>.log
- In the Updates tab, check Automatically check for updates to enable automatic updating for the selected engine.
- From the Downloading option list, select one of the following options:
Option | Description |
---|---|
Only check for updates | Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option does NOT download the available updates automatically. |
Check for updates and download | Select this option if you want GFI MailEssentials to check for and automatically download any updates available for this engine. |
- Specify how often you want GFI MailEssentials to check and download updates for this engine, by specifying an interval value in hours.
- From Update options area, check Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully.
NOTE
An email notification is always sent when an update fails.
- To force the most recent updates you have two options:
Option | Description |
---|---|
Download updates | Trigger the update process manually. It is an incremental update where only the most recent definitions are updated. |
Force full updates | This option forces a new version of the engine to be downloaded and replaced. This option is slower and consumes more bandwidth. |
- Click Apply.